<?php

/*
+--------------------------------------------------------------------------
|   Invision Power Board
|   =============================================
|   by Matthew Mecham
|   (c) 2001 - 2006 Invision Power Services, Inc.
|   http://www.invisionpower.com
|   =============================================
|   Web: http://www.invisionboard.com
|   Licence Info: http://www.invisionboard.com/?license
+---------------------------------------------------------------------------
|   > $Date: 2005-10-10 14:03:20 +0100 (Mon, 10 Oct 2005) $
|   > $Revision: 22 $
|   > $Author: matt $
+---------------------------------------------------------------------------
|
|   > UPLOAD handling methods (KERNEL)
|   > Module written by Matt Mecham
|   > Date started: 15th March 2004
|
|	> Module Version Number: 1.0.0
+--------------------------------------------------------------------------
| ERRORS:
| 1: No upload
| 2: Not valid upload type
| 3: Upload exceeds $max_file_size
| 4: Could not move uploaded file, upload deleted
| 5: File pretending to be an image but isn't (poss XSS attack)
+--------------------------------------------------------------------------
*/

/**
* IPS Kernel Pages: Upload
*
* This class contains all generic functions to handle
* the parsing of $_FILE data.
*
* Example Usage:
* <code>
* $upload = new class_upload();
* $upload->out_file_dir     = './uploads';
* $upload->max_file_size    = '10000000';
* $upload->make_script_safe = 1;
* $upload->allowed_file_ext = array( 'gif', 'jpg', 'jpeg', 'png' );
* $upload->upload_process();
*
* if ( $upload->error_no )
* {
*	  switch( $upload->error_no )
*	  {
*		  case 1301:
*			  // No upload
*			  print "No upload"; exit();
*		  case 1302:
*		  case 1305:
*			  // Invalid file ext
*			   print "Invalid File Extension"; exit();
*		  case 1303:
*			  // Too big...
*			   print "File too big"; exit();
*         case 1304:
*			  // Cannot move uploaded file
*			   print "Move failed"; exit();
*	  }
*  }
* print $upload->saved_upload_name . " uploaded!";
* </code>
* ERRORS:
* 1: No upload
* 2: Not valid upload type
* 3: Upload exceeds $max_file_size
* 4: Could not move uploaded file, upload deleted
* 5: File pretending to be an image but isn't (poss XSS attack)
*
* @package		IPS_KERNEL
* @author		Matt Mecham
* @copyright	Invision Power Services, Inc.
* @version		2.1
*/

/**
*
*/

/**
* Upload Class
*
* Methods and functions for handling file uploads
*
* @package	IPS_KERNEL
* @author   Matt Mecham
* @version	2.1
*/
class class_upload
{
	/**
	* Name of upload form field
	*
	* @var string
	*/
	public $upload_form_field = 'FILE_UPLOAD';
	
	/**
	* Out filename *without* extension
	* (Leave blank to retain user filename)
	*
	* @var string
	*/
	public $out_file_name    = '';
	
	/**
	* Out dir (./upload) - no trailing slash
	*
	* @var string
	*/
	public $out_file_dir     = './';
	
	/**
	* maximum file size of this upload
	*
	* @var integer
	*/
	public $max_file_size    = 0;
	
	/**
	* Forces PHP, CGI, etc to text
	*
	* @var integer
	*/
	public $make_script_safe = 1;
	
	/**
	* Force non-img file extenstion (leave blank if not) (ex: 'ibf' makes upload.doc => upload.ibf)
	*
	* @var string
	*/
	public $force_data_ext   = '';
	
	/**
	* Allowed file extensions array( 'gif', 'jpg', 'jpeg'..)
	*
	* @var array
	*/
	public $allowed_file_ext = array();
	
	/**
	* Array of IMAGE file extensions
	*
	* @var array
	*/
	public $image_ext        = array( 'gif', 'jpeg', 'jpg', 'jpe', 'png' );
	
	/**
	* Check to make sure an image is an image
	*
	* @var boolean flag
	*/
	public $image_check      = 1;
	
	/**
	* Returns current file extension	
	*
	* @var string
	*/
	public $file_extension   = '';
	
	/**
	* If force_data_ext == 1, this will return the 'real' extension
	* and $file_extension will return the 'force_data_ext'
	*
	* @var string
	*/
	public $real_file_extension = '';
	
	/**
	* Returns error number	
	*
	* @var integer
	*/
	public $error_no         = 0;
	
	/**
	* Returns if upload is img or not
	*
	* @var integer
	*/
	public $is_image         = 0;
	
	/**
	* Returns file name as was uploaded by user
	*
	* @var string
	*/
	public $original_file_name = "";
	
	/**
	* Returns final file name as is saved on disk. (no path info)
	*
	* @var string
	*/
	public $parsed_file_name = "";
	
	/**
	* Returns final file name with path info
	*
	* @var string
	*/
	public $saved_upload_name = "";
	
	/*-------------------------------------------------------------------------*/
	// CONSTRUCTOR
	/*-------------------------------------------------------------------------*/
	
	function __construct()
	{
		
	}
	
	
	/*-------------------------------------------------------------------------*/
	// PROCESS THE UPLOAD
	/*-------------------------------------------------------------------------*/
	
	/**
	* Processes the upload
	*
	*/
	
	function upload_process()
	{
		$this->_clean_paths();
		
		//-------------------------------------------------
		// Check for getimagesize
		//-------------------------------------------------
		
		if ( ! function_exists( 'getimagesize' ) )
		{
			$this->image_check = 0;
		}
		
		//-------------------------------------------------
		// Set up some variables to stop carpals developing
		//-------------------------------------------------
		
		$FILE_NAME = isset($_FILES[ $this->upload_form_field ]['name']) ? $_FILES[ $this->upload_form_field ]['name'] : '';
		$FILE_SIZE = isset($_FILES[ $this->upload_form_field ]['size']) ? $_FILES[ $this->upload_form_field ]['size'] : '';
		$FILE_TYPE = isset($_FILES[ $this->upload_form_field ]['type']) ? $_FILES[ $this->upload_form_field ]['type'] : '';
		
		//-------------------------------------------------
		// Naughty Opera adds the filename on the end of the
		// mime type - we don't want this.
		//-------------------------------------------------
		
		$FILE_TYPE = preg_replace( "/^(.+?);.*$/", "\\1", $FILE_TYPE );
		
		//-------------------------------------------------
		// Naughty Mozilla likes to use "none" to indicate an empty upload field.
		// I love universal languages that aren't universal.
		//-------------------------------------------------
		
		if ( !isset($_FILES[ $this->upload_form_field ]['name'])
		or $_FILES[ $this->upload_form_field ]['name'] == ""
		or !$_FILES[ $this->upload_form_field ]['name']
		or !$_FILES[ $this->upload_form_field ]['size']
		or ($_FILES[ $this->upload_form_field ]['name'] == "none") )
		{
			$this->error_no = 1301;
			return;
		}
		
		if( !is_uploaded_file($_FILES[ $this->upload_form_field ]['tmp_name']) )
		{
			$this->error_no = 1301;
			return;
		}
		
		//-------------------------------------------------
		// De we have allowed file_extensions?
		//-------------------------------------------------
		
		if ( ! is_array( $this->allowed_file_ext ) or ! count( $this->allowed_file_ext ) )
		{
			$this->error_no = 1302;
			return;
		}
		
		//-------------------------------------------------
		// Get file extension
		//-------------------------------------------------
		
		$this->file_extension = $this->_get_file_extension( $FILE_NAME );
		
		if ( ! $this->file_extension )
		{
			$this->error_no = 1302;
			return;
		}
		
		$this->real_file_extension = $this->file_extension;
		
		//-------------------------------------------------
		// Valid extension?
		//-------------------------------------------------
		
		if ( ! in_array( $this->file_extension, $this->allowed_file_ext ) )
		{
			$this->error_no = 1302;
			return;
		}
		
		//-------------------------------------------------
		// Check the file size
		//-------------------------------------------------
		
		if ( ( $this->max_file_size ) and ( $FILE_SIZE > $this->max_file_size ) )
		{
			$this->error_no = 1303;
			return;
		}
		
		//-------------------------------------------------
		// Make the uploaded file safe
		//-------------------------------------------------
		
		$FILE_NAME = preg_replace( "/[^\w\.]/", "_", $FILE_NAME );
		
		$this->original_file_name = $FILE_NAME;
		
		//-------------------------------------------------
		// Convert file name?
		// In any case, file name is WITHOUT extension
		//-------------------------------------------------
		
		if ( $this->out_file_name )
		{
			$this->parsed_file_name = $this->out_file_name;
		}
		else
		{
			//$this->parsed_file_name = str_replace( '.'.$this->file_extension, "", $FILE_NAME );
			$this->parsed_file_name   = date("YmdHis").rand(100,999);
		}
		
		//-------------------------------------------------
		// Make safe?
		//-------------------------------------------------
		
		$renamed = 0;
		
		if ( $this->make_script_safe )
		{
			if ( preg_match( "/\.(cgi|pl|js|asp|php|box|html|htm|jsp|jar)(\.|$)/i", $FILE_NAME ) )
			{
				$FILE_TYPE                 = 'text/plain';
				$this->file_extension      = 'txt';
				$this->parsed_file_name	   = preg_replace( "/\.(cgi|pl|js|asp|php|box|html|htm|jsp|jar)(\.|$)/i", "$2", $this->parsed_file_name );
				
				$renamed = 1;
			}
		}
		
		//-------------------------------------------------
		// Is it an image?
		//-------------------------------------------------

		if ( is_array( $this->image_ext ) and count( $this->image_ext ) )
		{
			if ( in_array( $this->file_extension, $this->image_ext ) )
			{
				$this->is_image = 1;
			}
		}
		
		//-------------------------------------------------
		// Add on the extension...我这个星期六给以前在昆山一个纺织厂做的erp系统架在网站给你看下。
		//-------------------------------------------------
		
		if ( $this->force_data_ext and ! $this->is_image )
		{
			$this->file_extension = str_replace( ".", "", $this->force_data_ext ); 
		}
		
		$this->parsed_file_name .= '.'.$this->file_extension;
		
		//-------------------------------------------------
		// Copy the upload to the uploads directory
		// ^^ We need to do this before checking the img
		//    size for the openbasedir restriction peeps
		//    We'll just unlink if it doesn't checkout
		//-------------------------------------------------
		if(!is_dir($this->out_file_dir)) {
				@mkdir($this->out_file_dir, 0777,true);
				@chmod($this->out_file_dir, 0777);
		}
		$this->saved_upload_name = $this->out_file_dir.'/'.$this->parsed_file_name;
		
		if ( ! @move_uploaded_file( $_FILES[ $this->upload_form_field ]['tmp_name'], $this->saved_upload_name) )
		{
			$this->error_no = 1304;
			return;
		}
		else
		{
			@chmod( $this->saved_upload_name, 0777 );
		}
		
		if( !$renamed )
		{
			$this->check_xss_infile();
			
			if( $this->error_no )
			{
				return;
			}
		}
		
		//-------------------------------------------------
		// Is it an image?
		//-------------------------------------------------
		
		if ( $this->is_image )
		{
			//-------------------------------------------------
			// Are we making sure its an image?
			//-------------------------------------------------
			
			if ( $this->image_check )
			{
				$img_attributes = @getimagesize( $this->saved_upload_name );
				
				if ( ! is_array( $img_attributes ) or ! count( $img_attributes ) )
				{
					// Unlink the file first
					@unlink( $this->saved_upload_name );
					$this->error_no = 1305;
					return;
				}
				else if ( ! $img_attributes[2] )
				{
					// Unlink the file first
					@unlink( $this->saved_upload_name );
					$this->error_no = 1305;
					return;
				}
				else if ( $img_attributes[2] == 1 AND ( $this->file_extension == 'jpg' OR $this->file_extension == 'jpeg' ) )
				{
					// Potential XSS attack with a fake GIF header in a JPEG
					@unlink( $this->saved_upload_name );
					$this->error_no = 1305;
					return;
				}
			}
		}
		
		//-------------------------------------------------
		// If filesize and $_FILES['size'] don't match then
		// either file is corrupt, or there was funny
		// business between when it hit tmp and was moved
		//-------------------------------------------------
		
		if( filesize($this->saved_upload_name) != $_FILES[ $this->upload_form_field ]['size'] )
		{
			@unlink( $this->saved_upload_name );
			
			$this->error_no = 1301;
			return;
		}
	}
	
	
	/*-------------------------------------------------------------------------*/
	// INTERNAL: Check for XSS inside file
	/*-------------------------------------------------------------------------*/
	
	/**
	* Checks for XSS inside file.  If found, sets error_no to 1305 and returns
	*
	* @param void
	*/
	
	function check_xss_infile()
	{
		// HTML added inside an inline file is not good in IE...
		
		$fh = fopen( $this->saved_upload_name, 'rb' );
		
		$file_check = fread( $fh, 512 );
		
		fclose( $fh );
		
		if( !$file_check )
		{
			@unlink( $this->saved_upload_name );
			$this->error_no = 1305;
			return;
		}
		
		# Thanks to Nicolas Grekas from comments at www.splitbrain.org for helping to identify all vulnerable HTML tags
		
		else if( preg_match( "#<script|<html|<head|<title|<body|<pre|<table|<a\s+href|<img|<plaintext#si", $file_check ) )
		{
			@unlink( $this->saved_upload_name );
			$this->error_no = 1305;
			return;
		}
	}
	
	/*-------------------------------------------------------------------------*/
	// INTERNAL: Get file extension
	/*-------------------------------------------------------------------------*/
	
	/**
	* Returns the file extension of the current filename
	*
	* @param string Filename
	*/
	
	function _get_file_extension($file)
	{
		return strtolower( str_replace( ".", "", substr( $file, strrpos( $file, '.' ) ) ) );
	}
	
	/*-------------------------------------------------------------------------*/
	// INTERNAL: Clean paths
	/*-------------------------------------------------------------------------*/
	
	/**
	* Trims off trailing slashes
	*
	*/
	
	function _clean_paths()
	{
		$this->out_file_dir = preg_replace( "#/$#", "", $this->out_file_dir );
	}

	
	
}

//---------------------------------------------------------------
//自动生成图片缩略图  
// 本函数从源文件取出图象，设定成指定大小，并输出到目的文件 
// 源文件格式：gif,jpg,jpe,jpeg,png 
// 目的文件格式：jpg 
// 参数说明: 
// 使用示例：makethumb($srcFile,$dstFile,$dstW,$dstH);
// $srcFile 源文件 
// $dstFile 目标文件 
// $dstW 目标图象宽度 
// $dstH 目标图象高度 
//-----------------------------------------------------------------
function makethumb($srcFile,$dstFile,$dstW,$dstH) { 
$data = GetImageSize($srcFile,$info); 
switch ($data[2]) { 
case 1: 
  $im = @imagecreatefromgif($srcFile); //从目标图片中取出图形
  break; 
case 2: 
  $im = @imagecreatefromjpeg($srcFile); 
  break; 
case 3: 
  $im = @ImageCreateFromPNG($srcFile); 
  break; 
} 


$srcW=ImageSX($im); //取出图片的宽度
$srcH=ImageSY($im); //取出图片的长度
$dstX=0; 
$dstY=0; 
if ($srcW*$dstH>$srcH*$dstW)      //图象是横着的！1024，720<768；
{                                 //                           $dstW     
  $fdstH=round($srcH*$dstW/$srcW);//注意，这是等比例缩小，$srcH * -----------，
  $dstY=floor(($dstH-$fdstH)/2);  //                           $srcW  
  $fdstW=$dstW;                   //1024对应720，
}
else{ 
  $fdstW=round($srcW*$dstH/$srcH);//图片是竖着的，缩小后，上下充满时， 
  $dstX=floor(($dstW-$fdstW)/2);  //左右会有空余。
  $fdstH=$dstH;
  } 
//$ni=ImageCreate($dstW,$dstH); 
$ni=imagecreatetruecolor ($dstW,$dstH); 
$dstX=($dstX<0)?0:$dstX; 
$dstY=($dstY<0)?0:$dstY; 
$dstX=($dstX>($dstW/2))?floor($dstW/2):$dstX; 
$dstY=($dstY>($dstH/2))?floor($dstH/2):$dstY; 
$black = ImageColorAllocate($ni, 255,255,255);//填充的背景色
imagefilledrectangle($ni,0,0,$dstW,$dstH,$black); 
ImageCopyResized($ni,$im,$dstX,$dstY,0,0,$fdstW,$fdstH,$srcW,$srcH);//从源图拷贝一块到目标！
ImageJpeg($ni,$dstFile);//如果把图片直接输出到浏览器
//第二个参数去掉，并用header()函数指定mine类型
imagedestroy($im); 
imagedestroy($ni);
}

?>